To-Do Controls

Controls that are not yet implemented or only partially addressed. These require development work (platform) or policy/procedure creation (operator) before the control is satisfied.

24 controls with this tag.

ID	Title	Status	Owner	CSF Function
SID-DATA-06	PII Field Encryption for User Records	to_do	platform	protect
SID-ORG-01	Information Security Policy	to_do	operator	govern
SID-ORG-02	Roles, Responsibilities, and Segregation of Duties	to_do	operator	govern
SID-ORG-03	Risk Management Framework	to_do	operator	identify
SID-ORG-04	Supplier and Third-Party Security	to_do	operator	govern
SID-ORG-05	Legal, Regulatory, and Contractual Compliance	to_do	operator	govern
SID-ORG-06	Wallet Service Practice Statement	to_do	operator	govern
SID-ORG-07	Terms of Service and Privacy Policy	to_do	operator	govern
SID-KEY-03	FIDO WSCD via Sign Extension (previewSign)	to_do	platform	protect
SID-OPS-01	Incident Response and Management	to_do	operator	respond
SID-OPS-02	Business Continuity and ICT Readiness	to_do	operator	recover
SID-OPS-03	Backup and Recovery	to_do	operator	recover
SID-OPS-04	Vulnerability Management	to_do	platform	detect
SID-OPS-05	Change Management	to_do	platform	govern
SID-OPS-06	Monitoring and Alerting	to_do	operator	detect
SID-OPS-07	Fraud Management	to_do	operator	detect
SID-OPS-08	Secure Development Lifecycle	to_do	platform	protect
SID-PPL-01	Personnel Screening and Onboarding	to_do	operator	protect
SID-PPL-02	Security Awareness, Education, and Training	to_do	operator	protect
SID-PPL-03	Confidentiality and Non-Disclosure Agreements	to_do	operator	protect
SID-PPL-04	Information Security Event Reporting	to_do	operator	detect
SID-PHY-01	Data Center Physical Security	to_do	operator	protect
SID-PHY-02	Equipment and Media Security	to_do	operator	protect
SID-PRIV-03	Right-to-Erasure Bulk Deletion API	to_do	platform	protect